Have you raised a case with VMware supppot team? How many times you uploaded the logs to their portal? VMware Technical Support routinely request diagnostic information from you when a support request is handled. Today let’s look at available logs at NSX Product and which are helpful when you opened a case with VMware vendor. System Event Logs can be collected on vCenter, NSX Manager, NSX Controller, ESXi hosts and NSX Edge appliances. If you are using Syslog Server, then it is recommended that you specify the same syslog server for the NSX component and vCenter Server in order to get a complete picture when viewing logs on the syslog server.
Below reference table provides information on logs that are of importance to debugging various NSX Services. Refer to individual sections below for additional details and explanation on the log files.
Log Rotation Schedule
NSX appliances retain log information according to the following log rotation schedule. The log rotation schedule is automatic and cannot be changed. The retention schedule is:
- NSX Manager: vsm.log rotated after 200MB, max 10 files are retained. Files are compressed when stored.
- NSX Controller: Log files rotated after 100MB, max 5 files are retained. Files are compressed when stored.
- NSX Edge: All logs are stored in /var/log/messages, rotated after 2MB, with max of 5 files retained.
VMware recommends using syslog for long term retention of logs. All NSX components support syslog. Since the disk space on each appliance (NSX Manager, NSX Controller and NSX Edge) is limited by the VM size, the log rotation policy is primarily based on size (and not based on time).
NSX Manager – Tech Support Logs
NSX Manager reports SystemEvent for Logical Switch, Logical Router, Distributed Firewall and Edge Services. These logs can be access by downloading the Tech Support Log bundle. Tech Support logs can be manually downloaded from the NSX Manager Administration GUI at Home Download Tech Support Log. This will generate a gzip file that can be downloaded for viewing/troubleshooting.
NSX Controller Logs via CLI
NSX controller is an advanced distributed state management system that controls virtual networks and overlay transport tunnels.The following commands can be used to access log files on the NSX Controller:
show logs
To view a log file show log <log file name>
Hypervisor Logs
Accessing Hypervisor Logs locally on the host: NSX Component logs such as Distributed Firewall, netcpa, Distributed Virtual Switch, can be viewed locally on each ESXi host. List of log files related to NSX:
1. Distributed Firewall Packet logs can be found at /var/log/dfwpktlogs.log
2. Distributed Firewall UserWorld Agent logs: /var/log/vsfwd.log
3. netcpa (User world agent) logs can be found at /var/log/netcpa.log. This log file will contain messages regarding controller to host communication details.
4. Logical Switch (VXLAN), Distributed Logical Routing (DLR) and VMware Internetworking Service Insertion Platform (VSIP) Kernel module logs are available at /var/log/vmkernel.log. The Logical Switch related logs will be tagged with vxlan, the Distributed Logical Router related logs will be tagged with vdrb and the VSIP related logs will be tagged with vsip.
5. DVS logs are also available at /var/log/vmkernel.log
Source: NSX-v Operations Guide